VARs have become an essential tool for companies to navigate the information security landscape, which means they need to stay ahead of the curve on security vulnerabilities impacting their clients. VARs can offer significant value-added security services to their clients to build better customer relations, grow their brand, boost revenue, and protect their customers’ assets.
On the Need to Educate Clients
It can be safely argued that employees are one of the biggest risks to the enterprise. Whether malicious or unintentional, there is a trend of internal actors being the cause of data breaches. The obvious way to fix that problem is training and education. Here is where the VAR can step in.
For example, insider threats are a rising phenomenon that very few large organizations and enterprises are ready to take head on. While many have implemented after-the-fact programs, DLP solutions, and IT forensic tools, very few have sought out measures for proactive insider threat detection and prevention. As a VAR, teaching a methodology and deploying a process that’s proactive and protects your customer is where the real value lies. This means taking an approach that takes into account people as well as the technology and devices that those people interact with—from cloud uploads and USB drives to e-mail attachments—in order to stop insider threats from causing damage in real-time. All VARs should be aware of the best practices and various technologies that companies are implementing, but most importantly they should be ahead of the curve in knowing what technologies exist and companies are missing out on.
In order to be effective, the company needs to make sure that they engage with their customers at the executive level to clearly elaborate what risks there are and how the VAR can protect them. Executives today want to know where their data is and that their data is safe. Implementing the common cybersecurity firewalls, malware protection, etc. is a must, but showing companies how they can do a little extra to make their data a lot safer is a good approach for VARs.
The Threat that Drives Profits
Many CIOs suffer sleepless nights as they read of attacks on companies that have crippled stock prices, opened them up to litigation, and done great damage to their brand after their customers’ data has been stolen. What keeps them awake is that in many instances, those hacked companies had standard protocols and procedures in place to guard against the worst from happening. But those don’t work when hackers are able to go around them or someone from the inside helps breach the data.
So how can VARs help? Many times, situations in which company data has been breached are extremely sensitive, so that means having a trusted and established relationship with clients beforehand can be helpful for consulting them about the type of information security program they should implement. However, it’s not that easy to gain a customer’s trust. The best way is to constantly keep track of past experience. Show clients that you’ve dealt with organizations of their size, in their field, understand their compliance requirements and more. If you’re sitting inside a financial organization, they want to know that other financial organizations have had similar issues and have recovered or even prevented security mishaps.
On Top of Experience, VARs Need Education to Serve their Customers Well
VARs need to engage in an ongoing and continuous education campaign against existing and new threats their customers face and how to implement the best defensive tools. Whether it’s via engaging another cybersecurity firm and bringing consultants onboard to work with their clients or consistently attending extended education and certification courses, VARs need to know what they’re pitching and how it stacks up within the information security ecosystem. Reading daily blogs from security researchers and security product vendors is also a great way to stay ahead of the curve, because they dive into latest hacker tools, techniques, and trends.
How the VAR Can Serve as the Go Between
Most companies do not know enough to handle information or cyber security threats and rely on consultants and their VARs to assure they do not occur. Additionally, they are not completely familiar with how to write security plans required by their regulators and government. This creates opportunities for VARs to offer managed services. They can couple the sale of their products with ongoing additional support. This support is targeted to protecting a company and providing forensics. The VAR has experience in multiple industries, so they know what threats are unique to each, which means their experience is extremely beneficial to helping a company write a security plan. That includes a communication plan on how to work with customers, media, regulators, and law enforcement in case of an attack.
Isaac Kohen is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents, malicious user behavior. Isaac can be reached at [email protected].